iptables/NAT problem?

Markolbert at aol.com
Fri Feb 20 19:21:19 PST 2004


I'm running into a "hair-tearing" problem getting a LFS 5.0 system to handle
NAT properly. I'm not sure if I've misconfigured something in the network
config files, or if there's a bug somewhere.

The LFS box is used as a firewall/router for a Windoze LAN, connected to a 
DSL line. It is replacing an earlier linux firewall/router that recently got 
hacked by some malicious bozo. DNS for the private LAN runs on a Win2K server, 
with forwards (through the LFS box) to my ISP's DNS servers.

After setting up the simple NAT firewall described in the BLFS, I can ping 
external IP addresses, and do DNS lookups on them. I can also do this from the 
Windoze clients. I can use lynx to surf to websites from the LFS system. I can 
also establish FTP connections (using lftp) from both the LFS system and the 
Windoze clients, and browse FTP directories.

But if I try to surf to a website from one of the Windoze clients, or download a
file via FTP, the connection is established but then immediately stalls (e.g.,
the web browser shows "Opening page xxx", but nothing shows up; similarly, the
ftp download starts, but, for example, lftp shows no progress on the %
downloaded status line).

I've run tcpdump on both the internal/LAN and external NICs on the
firewall/router, and there is a lot of traffic. In fact, I can see packets come
in from a Windoze browser on the internal NIC and then go out on the external
NIC, and then see packets coming the other way. But whatever those packets are,
they aren't resulting in the display of any web pages!

Does anyone have any suggestions on how to troubleshoot/resolve this problem?

Thanx in advance!

- Mark
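Added example, not part of the original message and not the BLFS book's own script: a minimal masquerading ruleset of the kind the post refers to, plus the two checks a practitioner reaches for when the symptom is "TCP session opens, small exchanges work, bulk data never arrives" behind a DSL uplink: clamping the MSS of forwarded SYNs to the path MTU, and a don't-fragment ping probe to measure that MTU. Whether an MTU/MSS mismatch is the cause of the stall described above is not established by the post; the rules only make that hypothesis cheap to test. The interface names (`eth0` LAN, `ppp0` DSL), the LAN prefix and the `DRY_RUN` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post or the BLFS book): a minimal
# NAT/forwarding ruleset with an MSS clamp on forwarded SYNs and a path-MTU
# probe. Interface names and the LAN prefix are assumptions; override them
# via the environment.

LAN_IF=${LAN_IF:-eth0}              # assumed: NIC facing the Windows LAN
WAN_IF=${WAN_IF:-ppp0}              # assumed: PPPoE/DSL uplink
LAN_NET=${LAN_NET:-192.168.1.0/24}  # assumed: private LAN prefix

# Run an iptables command, or with DRY_RUN=1 just print it, so the ruleset
# can be reviewed on a machine without root or iptables.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# TCP MSS for a link MTU: MTU minus the 20-byte IPv4 and 20-byte TCP headers.
# A PPPoE link's 1492-byte MTU gives 1452; an unclamped 1460 advertised by a
# LAN host on its 1500-byte Ethernet overshoots by 8 bytes.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Emit (or apply) the NAT and forwarding rules.
nat_rules() {
    ipt -t nat -F
    ipt -t mangle -F FORWARD
    ipt -F FORWARD
    ipt -P FORWARD DROP
    # Replies to flows the LAN opened may come back in.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only traffic from our own LAN prefix may leave through the uplink.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Rewrite the source address of everything leaving the uplink.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Clamp the MSS in outbound SYNs to the uplink's path MTU, so remote
    # servers never send full-size segments that a DF blackhole would drop.
    ipt -t mangle -A FORWARD -o "$WAN_IF" -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu
}

# Probe whether a SIZE-byte payload reaches HOST with DF set (iputils ping).
# 1472 is the largest payload that fits a 1500-byte MTU (28 bytes IP+ICMP);
# if 1472 fails but 1464 succeeds, the path MTU is 1492, i.e. PPPoE.
# With DRY_RUN=1 the command is printed instead of run.
pmtu_probe() {
    host=$1; size=${2:-1472}
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ping -c 1 -M do -s %s %s\n' "$size" "$host"
    else
        ping -c 1 -M do -s "$size" "$host" >/dev/null 2>&1
    fi
}

case "${1:-}" in
    apply)
        [ "${DRY_RUN:-0}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
        nat_rules
        ;;
    probe)
        pmtu_probe "${2:?host}" "${3:-1472}"
        ;;
esac
```

Run `DRY_RUN=1 sh nat.sh apply` to review the rules, `sh nat.sh apply` as root to load them, and `sh nat.sh probe <external-host> 1472` from a LAN client and from the router itself to compare what each side sees. Because the clamp only touches SYNs, it has to be in place before the stalling sessions are opened; existing connections keep their old MSS.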